why not a txt record?

https://blog.apnic.net/2022/12/02/improving-sshs-security-with-sshfp-dns-records/

1. Enable DNSSEC for your domain(s).
2. Collect and deploy the SSHFP records for all your SSH-accessible systems using ssh-keyscan.
3. Add VerifyHostKeyDNS=yes to your ~/.ssh/config.